Securing Your Server Against the Heartbleed Vulnerability

Due to a major security flaw in OpenSSL, you should update your server to the newest version of the software. The following versions of OpenSSL are affected:

  • 0.9.8
  • 1.0.0
  • 1.0.1 through 1.0.1f

Only customers using dedicated and virtual private servers need to complete the steps listed in this article. These steps do not apply to Ubuntu-based servers, however.

To check your server's version of OpenSSL, run the following command:

rpm -qa openssl

If you're affected, you need to complete the following steps to update your version of OpenSSL and secure your server.

To Secure Your Server Against the Heartbleed Vulnerability

  1. Edit the file /etc/yum.repos.d/CentOS-Base.repo, and change the following highlighted lines:
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
    to
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  2. Clean the yum repositories on the server by running the following command:
    yum clean all
  3. Update OpenSSL on the server by running the following command:
    yum update openssl
    This installs version openssl-1.0.1e-16.el6_5.7.
  4. Confirm the update was installed successfully by running the following command:
    openssl version -a
    The output will display the following:
    'built on: Tue Apr 8 02:39:29 UTC 2014'
    Additionally, you can confirm that the fix is in place by running the following command:
    rpm -q --changelog openssl | head
    The first few lines will show the following:
    'fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
  5. Restart Apache or any other web server currently installed on the server. Running services keep using the old version of OpenSSL until they are restarted.
  6. Edit the file /etc/yum.repos.d/CentOS-Base.repo, and change the following highlighted lines to revert it to the original version:
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    #mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
    to
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    mirrorlist=http://s2plmirror01.prod.sdl2.secureserver.net/download/mirrors/cos-$releasever-updates.$basearch
    failovermethod=priority
    #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
  7. Re-key any SSL certificates your server uses. If you use our SSL certificates, you can find those instructions in Rekey certificate.
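
The checks in steps 4 and 5 can be scripted. The following is an added example, not part of the original article: it confirms the CVE-2014-0160 changelog entry and lists processes that still map the pre-update libssl or libcrypto (marked "(deleted)" in /proc/<pid>/maps) and therefore still need a restart. The function names and the `--check` argument are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original article: post-update checks for steps 4 and 5.
# Function names and the --check argument are made up for this example.

# Succeeds if changelog text on stdin mentions the Heartbleed fix.
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Succeeds if /proc/<pid>/maps text on stdin shows libssl or libcrypto mapped
# from a file that was replaced on disk; the kernel marks it "(deleted)".
maps_has_stale_openssl() {
    grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$'
}

# Prints "PID NAME" for every process under $1 (default /proc) that still runs
# the pre-update library. These are the services step 5 has to restart.
stale_openssl_pids() (
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        maps_has_stale_openssl 2>/dev/null < "$maps" || continue
        pid="${maps%/maps}"; pid="${pid##*/}"
        name="$(sed -n 's/^Name:[[:space:]]*//p' "$proc_root/$pid/status" 2>/dev/null)" || name="?"
        printf '%s %s\n' "$pid" "$name"
    done
)

# Runs both checks against the live system; exits non-zero on any failure.
verify_heartbleed_update() (
    rc=0
    if rpm -q --changelog openssl 2>/dev/null | changelog_has_fix; then
        echo "OK: openssl changelog lists the CVE-2014-0160 fix"
    else
        echo "FAIL: CVE-2014-0160 fix not found in openssl changelog"; rc=1
    fi
    stale="$(stale_openssl_pids /proc)"
    if [ -n "$stale" ]; then
        echo "FAIL: still mapping the old OpenSSL, restart these:"
        echo "$stale"; rc=1
    else
        echo "OK: no process maps a deleted libssl/libcrypto"
    fi
    exit "$rc"
)

# Run as root with --check so every process's maps file is readable.
if [ "${1:-}" = "--check" ]; then verify_heartbleed_update; fi
```

Any process the script lists was started before the update and is still serving TLS with the old library code in memory, even though `rpm` and `openssl version -a` already report the fixed package.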
